3.6 KiB
Using secrets with Mend cloud Apps
The information on this page is for the Mend-hosted cloud apps:
- Renovate App on GitHub
- Mend App on Bitbucket
- Mend App on Azure DevOps
If you self-host, you can skip reading this page.
⚠️ Migrate secrets in your Renovate config file ⚠️
Use of encrypted secrets in the Mend Renovate cloud apps has been deprecated and soon the apps will stop reading secrets from the Renovate config file in your repository. You must migrate any secrets you currently keep in the Renovate config file, and put them in the app settings page on developer.mend.io. To add secrets you must have admin-level rights.
Read Migrating encrypted secrets from Repo Config to App Settings to learn more.
Managing secrets for the Mend-hosted cloud apps
This section explains how you manage secrets for the Mend-hosted cloud apps. If you self-host you do not need this section.
Adding a secret
To add a secret for the Mend cloud app:
-
Go to the web UI at developer.mend.io.
-
Open your organization/repository settings.
-
Put the secret in the Credentials section:
-
Reference the secret from Renovate config files inside the repo. Alternatively, you can use the Host Rules UI (see below).
{ "hostRules": [ { "matchHost": "github.com", "token": "{{ secrets.MY_ORG_SECRET }}" } ] }
Adding a host rule through the UI
You can centrally add/configure Host Rules through the Mend UI as an alternative to including them in Renovate presets.
-
Open the Credentials section of the settings page for the relevant Org or Repo.
-
Select
ADD HOST RULE
to open the "Add a Host Rule" dialog box. -
Fill out the details for your host rule.
As an example, if you are a Bitbucket or Azure DevOps user, and you want to specify a github.com token to fetch release notes and enable github-based datasources, you could create a host rule like this:
Organization secrets vs repository secrets
Secret scope
Secrets can be scoped to your organization or to your repository:
Secret scoped to your | What will happen? |
---|---|
Organization | Secrets are inherited by all repositories in your organization |
Repository | Secrets are referenced by that repository only |
Make changes on the right page
The web UI has two settings pages. One page is for the organization, and the other page is for the repository.
Make sure you're making the changes on the right page!
Example
The screenshot shows inherited organization secrets and specific repository secrets.
Managing organization-level secrets
The Installed Repositories table means you are on your organization's page. Select the Settings button to manage your organization secrets:
Managing repository-level secrets
The Recent jobs table means you are on your repository's page. Select the Settings button to manage your repository secrets: